Lessons Learned - Crash Course in Information Security Management System Implementation
2021-06-12, 11:00–11:45, Track 3

Implementation and management of an Information Security Management System can seem like a daunting task. This presentation will cover my own lessons learned on multiple ISO 27001:2013 implementations and ongoing management of the ISMS. We will discuss ISMS 101, the must-haves of your program, not skimping where it counts, less is more, and how to put a bow on your program. Take my challenges and turn them into your successes.


Implementation of an Information Security Management System can seem like a daunting task. Often companies attempt to implement programs with a lack of resources and availability, limited tooling, aggressive timelines, etc. The implementation of an ISMS does not need to be overly complicated or difficult, but security professionals do have to be creative with their solutioning. With proper planning, companies can successfully implement their ISMS to support their security objectives. Additionally, companies must consider the implications of implementing a program and how to maintain it afterwards. As we all know, these programs are not once and done. They require ongoing upkeep to remain in compliance.

Rose is a GRC Consultant with Seiso, LLC. Prior to joining the Seiso team, she worked as a Third-Party Management Lead at a major retailer. Within this program, she developed a comprehensive framework and evaluation process to assess vendors, as well as integrated automation with a cloud platform. Rose has a diverse IT and Security background spanning over 13 years in network security/administration, enterprise vendor risk management, and security awareness program development and implementation. She brings over 8 years of experience from her time spent in the Navy as an Information System Technician. Rose also has her M.S. in Cyber Security and Information Assurance and a B.S. in Advanced Networking. Her industry experience spans health care, federal government, and retail.